While the name of this growing threat might sound funny, being a victim of it is no joke.
Similar to a “phishing” scam — where computer users receive an authentic-looking email that appears to be from their bank, Internet Service Provider (ISP), favorite store, or other organization – “smishing” messages are sent to you via SMS (text message) on your mobile phone.
What does the sender want? To defraud you.
“Criminals like smishing because users tend to trust text messages, as opposed to email, of which many people are more suspicious, due to phishing attacks,” says Stephen Cobb, a security researcher at ESET, a global cybersecurity company.
“As smartphones are the primary means of accessing the Internet in some countries, this has tempted criminals around the world to invest in scams that target these devices.”
“That means there is no shortage of skills in this space, skills that criminals can tap to target cellphone users in any country they chose,” Cobb adds.
So, what does it look like?
Cybercriminals are trying to lure you into providing account information — such as a login name, password or credit card info — by tapping on a link that takes you to a web site. Here they can get enough info to steal your identity. Or you might be asked to answer questions via text message or advised to call a phone number.
In some cases, you’ll receive a text message with a sense of urgency:
• Dear customer, Bank of America needs you to verify your PIN number immediately to confirm you’re the proper account holder. Some accounts have been breached. We urgently ask you to protect yourself by confirming your info here.
Sometimes, scammers try to capitalize on something timely, like tax filing season:
• “IRS Notice: Tax Return File Overdue! Click here to enter your information to prevent being prosecuted.”
Or, perhaps, it will come in the form of a more personal note:
• Beautiful weekend coming up. Wanna go out? Sophie gave me your number. Check out my profile here: [URL]
Or, you might fall for a smishing scam if you think you can win something:
• Your entry last month has WON. Congratulations! Go to [URL] and enter your winning code – 1122 – to claim your $1,000 Best Buy gift card!
What can you do about it?
You can fight “smishing” in a few ways:
* If you get a suspicious looking text (or email) on your phone and it asks you to urgently confirm information, it's not coming from a legitimate institution. Therefore, don't reply and don't tap on the link in the message. Simply delete it. Your bank, financial institution, ISP or favorite online retailer will never ask for sensitive info this way. When in doubt, contact the company yourself. Even though you might be tempted to hit Reply and tell them to leave you alone, you’re only confirming your phone number is valid, which might invite even more scams.
* Anti-malware (“malicious software”) software exists for mobile devices, many of which can detect and stop a smishing attempt. This serves as an extra line of defense from these malicious types, but you must still exercise common sense.
ESET, the cybersecurity company Cobb is a researcher for, has a free Google Play app called ESET Mobile Security & Antivirus. Features include antivirus, remote lock and siren, GPS localization, and tablet support, while upgrading to Premium ($14.99/year) adds SMS and call filters, remote wiping, anti-phishing, photo snapshots (of someone trying to log into your device), and more.
Other providers of similar software include Norton Anti-Virus and McAfee. On a related note, be sure to always update your smartphone's operating system to the latest version.
* Look for suspicious charges on your monthly phone bill. Even if you never responded to one of these texts, it doesn't hurt to look at your itemized charges to see if there's anything that looks off. If it does, contact your phone provider right away to dispute the charges. Don't worry, they've heard it all before. Resist entering contests that ask you to provide your mobile number, as you’re setting yourself up for these kinds of scams. Similarly, don’t post your mobile phone number on social media or other public forums.
* When mobile shopping, stick with reputable retailers. When giving out financial information, like your credit card, always be sure to look for indicators that the site is secure, such as a little lock icon on the browser's status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). On a related note, never tap on a link to a retailer to shop online -- just in case it's a scam. Instead, manually type in the store's URL (e.g. amazon.com) or use the store’s official app.
Follow Marc on Twitter: @marc_saltzman. E-mail him at firstname.lastname@example.org.
© 2017 USATODAY.COM